Remote code execution in Hewlett Packard Enterprise Development LP products - CVE-2016-4373
Published: July 26, 2016
Vulnerability identifier: #VU214
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2016-4373
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Hewlett Packard Enterprise Development LP
Affected software:
HP Operations Manager for Linux
HP Operations Manager for Solaris
HP Operations Manager for Unix
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in HP Operations Manager for Unix, Solaris, and Linux, which use Apache Commons Collections (ACC). A remote unauthenticated attacker can execute arbitrary code on the affected system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
How to mitigate CVE-2016-4373
Download the HP OM 9.21.130 patch at:
https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM322544?...